The best way to distinguish your organization in the market is by providing high-quality services. Taking into consideration the growing customer expectations, an organization should be able to provide high-quality services today, while ensuring the continuous improvement of the quality of services in the future, in order to remain competitive in the market. Customers have little or no tolerance for poor performance or downtime when it comes to service delivery; they tend to replace the under performing service provider very quickly in case of any dissatisfaction. Advances in technology have made it easier for the customer to be exposed to better service offerings and to change service providers. Therefore, having a system to manage the service life cycle is the cornerstone of an organization’s ability to maintain its customers’ loyalty. It covers the whole spectrum of planning, coordinating, implementing, providing and monitoring high-quality services of an organization. Through agreements with customers and suppliers, and grounded on set policies, objectives, and plans, a Service Management System establishes the basis for excellence in service delivery assurance, guaranteeing capacity, availability, continuity and security while meeting the needs of customers and other stakeholders.
A Service Management System (hereinafter SMS) is considered as an all-encompassing management system for a service provider organization, since it is intended to bring together all aspects of organizational management, such as planning, strategies, policies, objectives, documentation and specific processes of the organization. It is widely used by organizations as the main resource for the purposes of directing and controlling service management activities, aiming to meet the business needs effectively. Additionally, Service Management Systems are modular in nature, capable of incorporating the majority of aspects of a service provider organization. Implementing and operating the SMS leads to greater effectiveness and efficiency by providing visibility, control and continual improvement in all aspects of the service life cycle.
The International Organization for Standardization & the International Electro-Technical Commission (ISO/IEC JTC 1) provide the frameworks, concepts and best practices which help organizations in implementing an SMS. The Information Technology Infrastructure Library (ITIL®) can supplement the ISO guidance with best practices contributing to the effective implementation of an SMS. Depending on the nature of the organization, the SMS might be implemented in the entire organization or only in a subset of the organization (division, department or branch, etc.). Although the SMS concept brought forward by the ITIL® and ISO/IEC 20000-1 is commonly associated with the management of IT services, it is applicable to any organization, including those operating in manufacturing, logistics or healthcare services, amongst others. The main idea remains the same: being able to provide a centralized system for the planning, design, development, and delivery of services, either to the organization itself or to third parties. The ISO/IEC 20000-1 standard has made this explicitly clear from its 2011 edition.
An Overview of the ISO/IEC 20000-1 Standard
According to the ITIL® (Version 4), “A service is a means of enabling value to customers by facilitating outcomes customers want to achieve without the customers having to manage specific costs and risks.” To be able to fulfill the needs and expectations of customers, organizations need to have a set of capabilities and processes to direct, control and maintain the activities of service provision. Therefore, an SMS needs to be put in place for the organization to be able to effectively fulfill the business requirements and meet customer expectations.
The ISO/IEC 20000-1:2018 standard provides a framework for establishing, implementing, maintaining and continually improving an SMS. According to the standard, an SMS supports the management of the service lifecycle, including planning, design, transition, delivery, and improvement of the services which fulfill the expectations, meet the agreed requirements and deliver value to customers. The standard, now in its third edition, was created by the joint technical committee JTC1, comprised of ISO (the International Organization for Standardization) and IEC (the International Electro-technical Commission). Despite being labeled as an Information Technology standard, it is applicable to all organizations, regardless of the nature of the services they deliver. In fact, there is only one mention of technology, as part of the service management plan supporting the SMS.
Due to the fact that the ISO/IEC 20000-1 standard is intentionally independent of specific guidance, organizations might use a combination of previous experience in the market and generally accepted frameworks or best practice such as ITIL® to accommodate the implementation. Therefore, the requirements stated in the standard are aligned with the commonly used methodologies such as ITIL®, CMMI, COBIT, while service management tools are designed to support the SMS. Additionally, there are supplementing parts of this standard (not aligned with the new ISO/IEC 20000-1:2018) which provide specific guidelines for an effective Service Management System. A short explanation of each part of the standard is provided below:
- ISO/IEC 20000-1: This standard specifies requirements for the planning, implementation, maintenance and continual improvement of an SMS. It is the only standard in the ISO/IEC 20000 series against which certification can be provided. Other standards in the series provide guidance or specific information only.
- ISO/IEC 20000-2: This standard provides guidance on the application of service management systems (SMS) based on the requirements of ISO/IEC 20000-1.
- ISO/IEC 20000-3: This standard provides practical guidance on the scope definition, applicability and demonstration of conformity to the requirements of ISO/IEC 20000-1.
- ISO/IEC TR 20000-5: This standard provides guidance on the implementation of an SMS to fulfill the requirements of ISO/IEC 20000-1.
- ISO/IEC 20000-6: This standard provides requirements for certification bodies providing audit and certification of an SMS in accordance with ISO/IEC 20000-1.
- ISO/IEC 20000-9: This standard provides guidance on the use of ISO/IEC 20000-1 for organizations delivering cloud services.
- ISO/IEC 20000-10: This standard describes the core concepts and terminology of ISO/IEC 20000 (all parts).
- ISO/IEC TR 20000-11: This standard provides guidance on the relationship between ISO/IEC 20000-1 and the ITIL® service management framework.
- ISO/IEC TR 20000-12: This standard provides guidance on the relationship between ISO/IEC 20000 1:2011 and CMMI-SVC.
The ISO/IEC 20000-1 standard is applicable to any organization that intends to:
- establish, implement and maintain a Service Management System to improve the quality of its services, minimize or eliminate the risks associated with the services it provides and take advantage of the SMS opportunities as well as address the nonconformities associated with its activities;
- continually improve its SMS and services and consequently, overall performance;
- demonstrate conformity with the requirements of this international standard;
- use the certification to an internationally acclaimed and accepted Standard for service management, both from internal and external assurances and credibility in the global market.
The standard can also be used by customers seeking services and requiring assurance regarding the quality of those services or requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain.
The effective implementation of an SMS in accordance with ISO/IEC 20000-1 helps organizations in building and maintaining the customers and stakeholders’ confidence. The implementation and operation of an SMS provides ongoing visibility, control of services and continual improvement, leading to greater effectiveness and efficiency. Complying with the requirements of ISO/IEC 20000-1 allows organizations to increase and improve their service-providing capabilities by providing a stable foundation for services that organizations build as a result of new services and new clients. Therefore, ISO/IEC 20000-1 is a widely recognized standard that helps organizations achieve their organizational, business and service goals. Adopting an SMS is a strategic decision influenced by the organization’s objectives, governing body and the need for quality services. By implementing an SMS, organizations prove their commitment to continuous improvement, control of services and ongoing visibility which leads to greater efficiency and profits.
With the support of the ISO/IEC 20000-1 standard, organizations providing any kind of service will be able to operate according to the best practices, leading to a better management of their services, which plays a pivotal role in their overall performance. The ISO/IEC 20000-1 foresees the “adoption of an integrated process approach to effectively deliver managed services to meet the business and customer requirements.” Moreover, it clarifies the actions that should be undertaken to effectively manage different areas such as capacity planning, the performance of the organization, continuous improvement, etc.
Key changes between ISO/IEC 20000-1:2018 and ISO/IEC 20000-1:2011
Main steps to master the transition include, but are not limited to:
- How to support an organization to correctly interpret the high-level requirements of ISO/IEC 20000-1:2018
- Identify the most restrictive requirements and address the gap
- Identify the additional requirements and implement them
- Identify the requirements that are less restrictive to ensure the cost effectiveness of the SMS
- If you are certified against the standard, talk to your certification body about transitioning to the new version
Structure of the Service Management System (ISO/IEC 20000-1:2018)
The figure below illustrates a Service Management System and the clauses included in the ISO 20000-1:2018 standard. It does not represent any structural hierarchy or authority levels as there is no requirement included in the standard regarding the structure that should be applied to an organization’s SMS. Moreover, there are no requirements for the terms used in different organizations to be replaced with new terms stated in the standard, and therefore, organizations are allowed to choose terms that suit their operations. Additionally, the structure of the clauses is established with the intention of showing a presentation of requirements, rather than a model that organizations should follow to document their policies, objectives or processes. However, regardless of the structure that organizations follow, they cannot ignore any of the requirements stated in the standard, as all the clauses of this standard are mandatory for compliance.
Understanding the Service Management System (ISO/IEC 20000-1)
The Prospective Users of the ISO/IEC 20000-1 Standard
The new ISO/IEC 20000-1:2018 standard is the latest evolution in service management, being the third edition since the 2007 and subsequently 2011 version. There are significant changes to the standard, particularly considering the growing trends in service management such as commoditization of services, the management of multiple suppliers by an internal or external service integrator and the need to determine value of services for customers. Other major changes include minimizing the required documented information and removing some of the detail on how to implement the requirements such as CMDB, capacity and availability plans, as well as release and continual improvement policies.
The revised version of ISO/IEC 20000-1 provides considerable benefits for those organizations that adopt and implement its requirements. The revised standard is written to be applicable to all organizations since its requirements are intended to be incorporated in any management system; any organization is capable of fulfilling the requirements stated in the ISO/IEC 20000-1 standard and can demonstrate conformity with an independent assessment. Therefore, the ISO/IEC 20000-1 standard can be implemented by any organization, regardless of its size, sector, or type; it is simply a matter of scaling in order to meet the needs and objectives of different organizations.
Having a systematic approach that helps to better manage the services of the organization brings benefits to the organization and, most importantly, to its customers. Eventually, quality service is the core operation of any organization; therefore, good service is translated into a good organization. Having a successful Service Management System depends on a lot of factors; including:
- Leadership and commitment of top or senior management
- Promotion of an effective Service Management within the organization
- Identification of risks and opportunities within the organization
- Integration of the Service Management System into appropriate processes
- Alignment of Service Management policies with the objectives of the organization
- Continuous evaluation, monitoring, and improvement of the performance of the Service Management System
Although it can be used by all organizations that offer any sort of services to their customers, the ISO/IEC 20000-1 standard is particularly demanded by organizations that provide IT services. Other prospective users include customers seeking services and requiring assurance regarding the quality of those services or requiring a consistent approach to the service lifecycle by all its service providers, including those in a supply chain, or providers of training or advice in service management.
Service management trends
The revised standard addresses key service management trends including:
- Increasing use of commodity services, such as cloud services. The revised version of ISO/IEC 20000-1 removes some of the need for customer agreements and simplifies supplier contract requirements
- To support service integration and management, where multiple suppliers are managed by an internal or external service integrator, coordination and integration requirements are now included
- The increasing demand to add value to customers has resulted in a greater emphasis on determining intended the outcomes of the services and the value they deliver
Moreover, the increased focus on planning to drive improved performance resulted in the need to plan actions to address risks and opportunities for the SMS and the services, as well as to have a plan to achieve measurable SMS objectives.
IT service providers and the ISO/IEC 20000-1 certification
An ISO/IEC 20000-1 certification contributes to the success of IT service provider organizations. This is the same as with ISO 9001, which has become a benchmark of quality worldwide. A specific example might be drawn from the IT service providers operating in the U.S. government sector: they are required to prove that they have been certified against ISO/IEC 20000-1 and the implementation of the Service Management System when submitting a proposal. In this respect, having obtained the ISO/IEC 20000-1 certification, organizations fulfill the requirements set by the U.S. government.
The ISO/IEC 20000-1 certification represents a competitive advantage for service providers. Customers of any IT organization might rely on the externally monitored IT Service Management when dealing with organizations that are certified against the ISO/IEC 20000-1 standard. Moreover, being certified against this standard is considered as a strategic market strongpoint for IT service providers, as they are capable of positioning themselves better against their competitors. Additionally, because of ISO/IEC 20000-1, an IT Service Management will be motivated and enabled to adopt and adapt to the best global practices such as ITIL®. The introduction of these practices will change the working habits leading to changes in the work culture.
ITIL®— Information Technology Infrastructure Library
ITIL® is known as the golden standard framework which helps organizations that intend to transition from a basic IT infrastructure to a well-managed IT service-oriented organization. Hence, it provides guidance on implementing the best practices that enable an organization to meet specific IT requirements across all departments. However, the organizations themselves cannot be awarded an ITIL® certification. For this reason, they might seek certifications from other certification bodies such as PECB, which offers standards that make the ITIL® framework formal and certifiable, such as ISO/IEC 20000-1.
The Difference between ISO/IEC 20000-1 and ITIL®
ISO/IEC 20000-1:2018: Implementation Steps
A lot of questions arise when seeking to understand ISO/IEC 20000-1, but the most frequent question asked is “how to implement it?”. The implementation process is not easy in any standard; yet, approaching the implementation systematically, step by step makes the processes easier. The implementation phase should not have too many changes because this would lead to chaos within the organization. Hence, a twelve-step method that is ranked in a logical manner would make the process easier for any organization.
1. Gain management support: The first battle when deciding about the implementation process is to convince the management to support the implementation. Other than financial and technical resources, when implementing a process, there is also a need for a strong sponsor and solid continuous supporter. The support of the management is therefore fundamental to the success of the service management system. It is always a good idea to present a business case to the management to show the objectives, costs of implementation, opportunity cost, benefits, resources required, as well as the alternatives for its implementation.
2. Establish the project: This step is not mandatory; however, it would highly impact the implementation process by increasing its efficiency. By establishing a project before the implementation starts, the organization sets a clear goal and allocates the resources within the organization for a specific time frame to ensure its implementation. The project management plan is often used as a baseline to track the work done and to keep things under control in order to achieve the desired results.
3. Conduct a gap analysis: This step is highly advisable and highly effective when it comes to understanding the current state of the organization and the existing management system against the ISO/IEC 20000-1 requirements. While performing the gap analysis and understanding the potential of an organization, the management team should check the processes included in the standard, some of which are still not performed by the organization in order to ensure compliance with all the requirements in the latter stages. The gap analysis also allows knowing the degree of maturity of the processes already implemented and which will require more time and resources in their implementation to ensure compliance.
4. Define the scope, responsibilities and management intention: In this phase, the organization should decide about the foundation of the Service Management System and define the direction of all the activities that should be performed. This is the phase in which the scope, policy and responsibilities for the SMS are defined.
5. Implement supporting procedures: Supporting procedures are the ones that are not involved in the daily operations of the SMS, but indirectly affect the processes. These procedures may be such as the “procedure for documented information,” “communications procedure” or a “checklist.” Additionally, some of the supporting procedures are generic (document control); however, in general it should support the processes and accordingly should be developed/defined with or after the development of processes.
6. Generate processes: The previous steps were about setting up the management system, while this step is where the implementation of the SMS really starts. Here, it is required that all the processes for the operation of the SMS that are stated in the standard should be added. This is done by using the knowledge that the managers have obtained through their experiences, guidance from ISO 20000-2 or ITIL®, external help, different tools, etc. If the organization decided to “establish the project” in the beginning, this is the step in which organizations would benefit the most.
7. Implementation of the processes: In this step, the theory that has been developed turns into practice. At this point, the implementation of documented processes will begin in which the managerial skills are essential.
8. Conduct training and awareness programs: People within the organization that are involved in the Service Management System processes should be aware of their tasks and understand the objectives of the organization. An organizational change management process can be of great help in achieving the organizational changes that new service management processes require.
9. Operate the SMS: Managerial skills are very important, not only during the implementation phase, but also afterward. When the implementation of the SMS is finalized, it will support the services provided to the customers.
10. Create the “service continual improvement concept”: Changes within an organization are continual. In spite of that, changes should be carefully implemented with the aim of improving the overall performance of the organization. Once the organization defines the continual service improvement concept, it should implement, monitor and regularly improve the internal services, processes and technologies.
11. Conduct internal audits: it is the point where you evaluate what you have done so far. When performing an internal audit, organizations should contract independent auditors who are not part of the implementation process to perform the audit.
12. Management review: This is the concluding step of the implementation process, and it is obligatory for all organizations. According to ISO/IEC 20000-1, a meeting should be conducted in order to clarify the actions that have been taken and ensure their continual suitability, adequacy and effectiveness. In order to prepare for this meeting, there are some requirements stated in the standard that would make this process a lot easier.
13. Corrective actions: Consists of actions taken to improve an organization’s processes in order to eliminate the causes of any undesirable activity and nonconformity that are identified during the internal audit. This process should be conducted systematically in order to eliminate the recurrence of the nonconformity in the future.
After all these steps are finalized, the certification process will start with a Registered Certifying Body (RCB). This process involves two stages:
- Stage 1 audit (Documentation review): Initially the certification body visits the organization with the purpose of examining the Service Management System objectives, scope, documents and discussing on what needs to be improved, thus prepare for the stage 2 audit, which is the main audit. During this stage, the auditors ensure that all mandatory requirements of the standard are documented adequately.
- Stage 2 audit (Main Certification audit): In the final step, the auditors visit the organization to verify the effectiveness and adequacy of the SMS implementation. The successful conclusion of this audit will earn the organization the ISO 20000-1 certification.
Surveillance and Recertification — The certification (like most other ISO certifications) is valid for 3 years, during which time the Organization needs to undergo periodic (at least annual) Surveillance audits by the Certifying Body. After three years, the organization will need to undergo recertification by the RCB, which again goes through the three years surveillance cycle.
The certification audit allows a third party which is qualified to evaluate, to provide their opinion regarding the degree of compliance with the requirements of the standard, but it should be remembered that the certification itself should not be the objective of the implementation of a management system – rather, the certification should be a consequence of having achieved the strategic objectives of the organization for the delivery of quality services and the public recognition of that achievement.
Benefits of Implementing the ISO/IEC 20000-1 Standard
The implementation of ISO/IEC 20000-1 covers service delivery which impacts the organization as a whole and specifically the operation and provision of services. An effective implementation of an SMS brings many benefits to a lot of processes including service management. The following are five advantages that every organization would gain when implementing ISO/IEC 20000-1.
Competitiveness and credibility — The adoption of an internationally recognized standard improves the organization’s reputation in two ways:
- First, considering that upon implementing an effective SMS the organization would be more capable of competing against any size and type of organization, thereby creating a more competitive environment. Consequentially, the productivity, effectiveness and the efficiency of service delivery would increase as the organization works toward achieving common goals.
- Second, being certified would change the way partners, customers, suppliers and other interested parties perceive the organization. Additionally, the credibility of the organization, being one of the most important principles, would enhance as customers would trust the organization more when seeing that the processes within the organization are aligned with an internationally recognized standard and follow guidelines of a well-established framework – in this case with ISO/IEC 20000-1 and ITIL®, respectively.
Compliance — Taking into consideration that ISO/IEC 20000-1 includes legal and other regulations that should be followed by certified organizations, customers feel more secure about their purchases.
Customer satisfaction — Customer satisfaction is crucial for success in today’s marketplace. That is why all organizations strive to improve customer service and meet their customers’ needs and expectations in an ever-changing business environment. Implementing ISO/IEC 20000-1 facilitates the control of the processes within the organization and helps in fulfilling the requirements and expectations of customers. Adopting ISO/IEC 20000-1 sets grounds for reaching the Service Level Agreement (SLA) targets, since the organization would have defined management processes with the respective roles and responsibilities. This would improve the efficiency of the management team and the organization overall.
Productivity — It is very important that every person within the organization knows her or his roles and responsibilities. Implementing ISO/IEC 20000-1 helps in solving issues efficiently. Furthermore, being able to control the processes and resources of the organization would lead to better management of the costs and a more productive, effective and efficient organization.
Benchmark improvement — By being certified against an internationally recognized standard, organizations are capable of comparing their processes and services with other organizations that have already implemented management systems based on standards. The cornerstone of adopting ISO/IEC 20000-1 is the continual improvement of the services and processes within the organization, as it ensures that the SMS is reviewed, controlled and monitored on a regular basis. This creates the possibility that the organization improves its processes day by day and the management has a clear image of the efficiency and the performance of the organization.
Therefore, implementing ISO/IEC 20000-1 helps organizations understand that the excellence in the delivery of the services results in customer satisfaction, higher profit and an increased market share. Ultimately, all this leads to business excellence.
Training and Certification of Professionals
PECB has created a training roadmap and personnel certification scheme which is highly recommended for implementers and auditors of an organization that wishes to get certified against the ISO/IEC 20000-1 standard. The certification of organizations is a vital component as it provides evidence that organizations have developed standardized processes based on best practices.